From 053c76d51a8e1cbfc2b2ef620ccfcd3206343fb6 Mon Sep 17 00:00:00 2001
From: Kevin Decherf
Date: Sun, 20 Jul 2025 19:03:54 +0200
Subject: [PATCH] fixup! Add a two-step setup of OTP

Signed-off-by: Kevin Decherf
---
 src/Entity/User.php | 4 +++-
 tests/Controller/ConfigControllerTest.php | 11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/Entity/User.php b/src/Entity/User.php
index 532f56160..e8051c05a 100644
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@@ -147,7 +147,9 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
 #[ORM\Column(name: 'googleAuthenticatorSecret', type: 'string', nullable: true)]
 private $googleAuthenticatorSecret;
 
- #[ORM\Column(name: 'google_authenticator', type: 'boolean')]
+ // default value is explicitly set to false here to ensure that Doctrine
+ // does not complain about schema mapping mismatch
+ #[ORM\Column(name: 'google_authenticator', type: 'boolean', options: ['default' => false])]
 private $googleAuthenticator = false;
 
 /**
diff --git a/tests/Controller/ConfigControllerTest.php b/tests/Controller/ConfigControllerTest.php
index 65b51b080..734a25a69 100644
--- a/tests/Controller/ConfigControllerTest.php
+++ b/tests/Controller/ConfigControllerTest.php
@@ -1253,6 +1253,13 @@ class ConfigControllerTest extends WallabagTestCase
 $secret = $crawler->filter('div#config_otp_app_secret pre code')->innerText();
 $this->assertSame('DUMMYSECRET', $secret);
 
+ $em = $this->getEntityManager();
+ $user = $em
+ ->getRepository(User::class)
+ ->findOneByUsername('admin');
+ // At this phase, the user should not have 2FA enabled
+ $this->assertFalse($user->isGoogleTwoFactor());
+
 // First test: send invalid OTP code
 $form = $crawler->filter('form[name=config_otp_app_check]')->form();
 $data = [
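Review bot: In src/Entity/User.php the new `options: ['default' => false]` makes "second factor off" the database-level default for `google_authenticator`, and nothing in this patch shows how rows that already hold a `googleAuthenticatorSecret` get their flag set. If the flag is what decides whether the TOTP step is enforced (the tests in this patch read it through `isGoogleTwoFactor()`), accounts that used app-based 2FA before the column existed could silently lose it unless the migration backfills them. I would confirm the migration does that and say so in the comment, e.g. `// existing rows with a secret must be backfilled to true by the migration; the default only covers new rows`. The class body continues outside the hunk.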
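Review bot: The assertion added before the "First test" comment in ConfigControllerTest.php pins the flag only before any code has been submitted. The property a two-step setup has to guarantee is that a rejected code leaves 2FA off and only an accepted code turns it on. The rest of the test lies outside this hunk, so it may already cover that; if it does not, reload the user after each submission with `$em->refresh($user);` and assert `$this->assertFalse($user->isGoogleTwoFactor());` after the invalid code and `$this->assertTrue($user->isGoogleTwoFactor());` after the valid one.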
@@ -1286,6 +1293,7 @@ class ConfigControllerTest extends WallabagTestCase
 
 // Restore user
 $user->setGoogleAuthenticatorSecret(null);
+ $user->setGoogleAuthenticator(false);
 $user->setBackupCodes([]);
 $em->persist($user);
 $em->flush();
@@ -1302,6 +1310,7 @@ class ConfigControllerTest extends WallabagTestCase
 ->findOneByUsername('admin');
 
 $user->setGoogleAuthenticatorSecret('Google2FA');
+ $user->setGoogleAuthenticator(true);
 $em->persist($user);
 $em->flush();
 
@@ -1314,7 +1323,6 @@ class ConfigControllerTest extends WallabagTestCase
 
 $this->assertStringContainsString('flashes.config.notice.otp_disabled', $client->getContainer()->get(SessionInterface::class)->getFlashBag()->get('notice')[0]);
 
- // restore user
 $em = $this->getEntityManager();
 $user = $em
 ->getRepository(User::class)
@@ -1322,6 +1330,7 @@ class ConfigControllerTest extends WallabagTestCase
 
 $this->assertEmpty($user->getGoogleAuthenticatorSecret());
 $this->assertEmpty($user->getBackupCodes());
+ $this->assertFalse($user->isGoogleTwoFactor());
 }
 
 public function testExportTaggingRule()
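Review bot: The "Restore user" block in the hunk at -1286, which now also calls `setGoogleAuthenticator(false)`, sits in the test body, so it is skipped whenever an earlier assertion fails. The shared `admin` account could then keep a secret and an enabled flag for whatever tests run next. The hunk at -1302 puts `admin` into the same state and relies on the request under test to clear it. Resetting the account in `tearDown()`, or wrapping the assertions in `try { … } finally { $user->setGoogleAuthenticator(false); … }`, would keep one failure from cascading into unrelated login tests. The test method starts outside the hunk.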